Revision [29486]

Last edited on 2013-11-08 11:35:27 by darkcity
Additions:
~[[Spot|Root, Spot and Fido user accounts]] - Spot and Fido accounts don't have root privileges
Deletions:
~[[Spot]] - Spot and Fido accounts don't have root privileges


Revision [29470]

Edited on 2013-11-08 08:04:50 by darkcity
Additions:
~[[Spot]] - Spot and Fido accounts don't have root privileges
~[[encryption]]
~SecureErase
~ClamAV
Deletions:
~[[Spot]] - Spot and Fido accounts don't have root privileges


Revision [29468]

Edited on 2013-11-08 08:02:37 by darkcity
Additions:
[[HomePage]] > [[ComponentHowTo Components and HowTos]] > [[Security]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 Running as Root - tallboy perspective]]
Deletions:
[[HomePage]] > [[ComponentHowTo Components and HowTos]] > [Security]
~[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy perspective]]


Revision [29467]

Edited on 2013-11-08 08:00:50 by darkcity
Additions:
{{include tonguesSecurity}}
[[HomePage]] > [[ComponentHowTo Components and HowTos]] > [Security]
{{image width="48" height="48" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
====Security====
~Security includes protection from data loss, data theft and data corruption.
==List of Precaustion==
==Further Reading==
~[[http://www.osnews.com/story/21901/Adobe_s_Flash_Flawed_Time_to_Do_Without_/ Potential Flash point]]
~http://www.builderau.com.au/program/linux
~[[http://www.murga-linux.com/puppy/index.php?f=47 Security forum thread]]
~[[http://www.seifried.org/security/index.php/Linux_Security Linux Security]]
~[[http://csrc.nist.gov/publications/history/ Security History]]
~[[http://tldp.org/HOWTO/Security-Quickstart-HOWTO/ Linux security Howto]]
~[[http://www.sans.org/top20/top10.php 10 tips]]
~[[http://www.heise.de/tp/r4/artikel/5/5263/1.html NSA in Windows]]
~[[http://www.sans.org/top-cyber-security-risks/ Top Cyber Security Risks]]
~[[http://www.lonerunners.net/blog/archives/722-My-Top-10-Security-Live-CD.html Live Linux CD for security]]
~[[http://www.makeuseof.com/tag/how-to-password-protect-grub-entries-linux/ Password protect GRUB]]
~[[http://group51.org group51.org]]
~[[http://sectools.org/index.html]]
~http://www.virustotal.com/
~http://www.cryptoheaven.com/
~http://epic.org/privacy/tools.html
~http://news.cnet.com/8301-13880_3-20010350-68.html?tag=mncol;mlt_related
~[[http://murga-linux.com/puppy/viewtopic.php?t=41146 forum topic]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?p=405903 forum topic]]
==Security set-up for Puppy 2.16==
==Create Password==
~[[Spot]] - Spot and Fido accounts don't have root privileges
CategoryIndex
Deletions:
[[HomePage]] > [[ComponentHowTo Components and HowTos]]
---
~Security includes protection from data loss, data theft and data corruption
====Computer Security Precautions====
[[http://www.osnews.com/story/21901/Adobe_s_Flash_Flawed_Time_to_Do_Without_/ Potential Flash point]]
http://www.builderau.com.au/program/linux
[[http://www.murga-linux.com/puppy/index.php?f=47 Security forum thread]]
[[http://www.seifried.org/security/index.php/Linux_Security Linux Security]]
[[http://csrc.nist.gov/publications/history/ Security History]]
[[http://tldp.org/HOWTO/Security-Quickstart-HOWTO/ Linux security Howto]]
[[http://www.sans.org/top20/top10.php 10 tips]]
[[http://www.heise.de/tp/r4/artikel/5/5263/1.html NSA in Windows]]
[[http://www.sans.org/top-cyber-security-risks/ Top Cyber Security Risks]]
[[http://www.lonerunners.net/blog/archives/722-My-Top-10-Security-Live-CD.html Live Linux CD for security]]
[[http://www.makeuseof.com/tag/how-to-password-protect-grub-entries-linux/ Password protect GRUB]]
[[http://group51.org group51.org]]
http://www.murga-linux.com/puppy/viewtopic.php?p=405903
http://sectools.org/index.html
http://www.virustotal.com/
http://www.cryptoheaven.com/
http://epic.org/privacy/tools.html
http://news.cnet.com/8301-13880_3-20010350-68.html?tag=mncol;mlt_related
http://murga-linux.com/puppy/viewtopic.php?t=41146
__{{color text="Security set-up for Puppy 2.16" c="green"}}__
__{{color text="Create Password" c="green"}}__


Revision [29218]

Edited on 2013-10-16 07:24:59 by coolpup
Additions:
~http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance


Revision [29217]

Edited on 2013-10-16 07:21:46 by coolpup
Additions:
- Adobe Flash Player: either remove it or use the [[libflashplayer latest available version]]
Deletions:
- Adobe Flash Player may pose too high a risk for some users - either disable it or configure the Web browser to restrict its use
- use the latest available version of Web browsers: SeaMonkey, [[Firefox]]
- use the latest available version of [[FlashPlayer Adobe Flash Player]] (if it is used)


Revision [29216]

Edited on 2013-10-16 07:15:51 by coolpup
Additions:
~https://github.com/freedomofpress/securedrop
Deletions:
~-https://github.com/freedomofpress/securedrop


Revision [29215]

Edited on 2013-10-16 07:15:06 by coolpup
Additions:
====Computer Security Precautions====
- re-new the default system password using the [[passwd]] utility
- use the latest available versions of: [[gnupg]], [[libgcrypt]], [[openssl]]
- use an operating system with a recent Linux kernel version: %%uname -a%%
~-https://github.com/freedomofpress/securedrop
Deletions:
====Security Precautions====
- renew the default system password using the [[passwd]] utility
- use the latest available versions of cryptography libraries: [[libgcrypt]], [[openssl]]
- use a PuppyVersion with a recent Linux kernel version: %%uname -a%%
==References==


Revision [29053]

Edited on 2013-10-05 15:55:04 by coolpup
Additions:
- use the latest available versions of cryptography libraries: [[libgcrypt]], [[openssl]]
Deletions:
- use the latest available versions of cryptography libraries: [libgcrypt]], [[openssl]]


Revision [29052]

Edited on 2013-10-05 15:54:23 by coolpup
Additions:
---


Revision [29051]

Edited on 2013-10-05 15:53:57 by coolpup
Additions:
~Security includes protection from data loss, data theft and data corruption
Deletions:
{{image width="48" height="48" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
---
~Security includes protection from data loss, data theft and data corruption.


Revision [29050]

Edited on 2013-10-05 15:52:32 by coolpup
Additions:
====Security Precautions====
- use the latest available versions of file-system tools: [[bzip2]], [[dosfstools]], [[e2fsprogs]], [[grep]], [[gzip]], [[ntfs3g]], [[tar]], [[xz]]
- use the latest available versions of cryptography libraries: [libgcrypt]], [[openssl]]
- use a PuppyVersion with a recent Linux kernel version: %%uname -a%%
==Appendix==
Deletions:
==Security Precautions==
- use the latest available versions of file-system tools: [[bzip2]], [[dosfstools]], [[e2fsprogs]], [[grep]], [[ntfs3g]], [[tar]], [[xz]]
- use the latest available versions of cryptography libraries: [[gnutls]], [[libgcrypt]], [[openssl]]
- use a PuppyVersion with a recent Linux kernel version
===Appendix===


Revision [26901]

Edited on 2013-03-29 04:54:44 by darkcity
Additions:
==Also on the Wiki==
~[[AttackPup]] - Puppy for network testing
~[[PenetrationTesting penetration testing]] - network testing
~[[Privacy]] - Keeping your information private
~[[WatchDog]] - Puppy for securing your home
==Related Webpages==
~[[http://bkhome.org/blog/?viewDetailed=02241 Fido on Barry's blog]]
~[[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL thread]]
~[[http://youtu.be/_uZ_qZgOwg4 Lobster security podcast]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy perspective]]
Deletions:
==See also==
[[Privacy]] - Keeping your information private
[[http://bkhome.org/blog/?viewDetailed=02241 Fido]]
[[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]]
[[http://youtu.be/_uZ_qZgOwg4 Lobster security podcast]]
[[WatchDog]] - Secure your home
[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy perspective]]


Revision [24166]

Edited on 2012-09-29 08:36:41 by coolpup
Additions:
- use the latest available versions of cryptography libraries: [[gnutls]], [[libgcrypt]], [[openssl]]
Deletions:
- use the latest available versions of cryptography libraries: [[gnutls]], [[libgcrypt]]


Revision [24153]

Edited on 2012-09-29 06:33:16 by coolpup
Additions:
{{image width="48" height="48" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
Deletions:
{{image width="96" height="96" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}


Revision [24152]

Edited on 2012-09-29 06:31:28 by coolpup
Additions:
- use the latest available versions of file-system tools: [[bzip2]], [[dosfstools]], [[e2fsprogs]], [[grep]], [[ntfs3g]], [[tar]], [[xz]]
Deletions:
- use the latest available versions of file-system tools: [[bzip2]], [[dosfstools]], [[e2fsprogs]], [[grep]], [[ntfs3g]], [[tar]]


Revision [24151]

Edited on 2012-09-29 06:30:23 by coolpup
Additions:
{{image width="96" height="96" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
Deletions:
{{image width="96" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}


Revision [24150]

Edited on 2012-09-29 06:29:49 by coolpup
Additions:
{{image width="96" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
Deletions:
{{image width="120" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}


Revision [24149]

Edited on 2012-09-29 06:29:20 by coolpup
Additions:
~Security includes protection from data loss, data theft and data corruption.
==Security Precautions==
- use the latest available versions of file-system tools: [[bzip2]], [[dosfstools]], [[e2fsprogs]], [[grep]], [[ntfs3g]], [[tar]]
- use the latest available versions of cryptography libraries: [[gnutls]], [[libgcrypt]]
- use the latest available version of Web browsers: SeaMonkey, [[Firefox]]
- disable ""JavaScript"" within the Web browser (with a subsequent loss in Web-page functionality)
- perform virus detection: ClamAV
---
Deletions:
====Security====
Security includes protection from data loss, data theft and data corruption.
====Tin Hat Security Precautions====
- use the latest available versions of file-system tools: [[bzip2]], [[dosfstools]], [[e2fsprogs]], [[ntfs3g]], [[tar]]
- use the latest available versions of cryptography libraries: [[openssl]], [[gnutls]], [[libgcrypt]]
- use the latest available version of Web browsers: [[Opera]], SeaMonkey, [[Firefox]], [[Arora]]
- disable ""JavaScript"" within the Web browser (with a subsequent loss in functionality)
- use ClamAV


Revision [23838]

Edited on 2012-09-13 02:33:16 by CrustyLobster [some anomolies deleted]
Additions:
Security includes protection from data loss, data theft and data corruption.
====Tin Hat Security Precautions====
- Adobe Flash Player may pose too high a risk for some users - either disable it or configure the Web browser to restrict its use
[[Privacy]] - Keeping your information private
[[http://bkhome.org/blog/?viewDetailed=02241 Fido]]
[[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]]
[[http://youtu.be/_uZ_qZgOwg4 Lobster security podcast]]
[[WatchDog]] - Secure your home

[[http://www.osnews.com/story/21901/Adobe_s_Flash_Flawed_Time_to_Do_Without_/ Potential Flash point]]
http://www.builderau.com.au/program/linux
[[http://www.murga-linux.com/puppy/index.php?f=47 Security forum thread]]
[[http://www.seifried.org/security/index.php/Linux_Security Linux Security]]
[[http://csrc.nist.gov/publications/history/ Security History]]
[[http://tldp.org/HOWTO/Security-Quickstart-HOWTO/ Linux security Howto]]
[[http://www.sans.org/top20/top10.php 10 tips]]
[[http://www.heise.de/tp/r4/artikel/5/5263/1.html NSA in Windows]]
[[http://www.sans.org/top-cyber-security-risks/ Top Cyber Security Risks]]
[[http://www.lonerunners.net/blog/archives/722-My-Top-10-Security-Live-CD.html Live Linux CD for security]]
[[http://www.makeuseof.com/tag/how-to-password-protect-grub-entries-linux/ Password protect GRUB]]
[[http://group51.org group51.org]]
http://www.murga-linux.com/puppy/viewtopic.php?p=405903
http://sectools.org/index.html
http://www.virustotal.com/
http://www.cryptoheaven.com/
http://epic.org/privacy/tools.html
http://news.cnet.com/8301-13880_3-20010350-68.html?tag=mncol;mlt_related
http://murga-linux.com/puppy/viewtopic.php?t=41146

Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. **Puppy Linux** is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'. [[http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx Source]]
Deletions:
Security involves protection from data loss, data theft and data corruption.
====Security Precautions====
- Adobe Flash Player poses too high a risk for some users - either disable it or configure the Web browser to restrict its use
~[[Privacy]] - Keeping your information private
~[[http://bkhome.org/blog/?viewDetailed=02241 Fido]]
~[[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]]
~[[WatchDog]] - Secure your home
http://sectools.org/index.html
http://www.virustotal.com/
http://www.cryptoheaven.com/
http://epic.org/privacy/tools.html
http://news.cnet.com/8301-13880_3-20010350-68.html?tag=mncol;mlt_related
http://murga-linux.com/puppy/viewtopic.php?t=41146
IPtables: http://www.murga-linux.com/puppy/viewtopic.php?p=405147#405147
[[http://www.osnews.com/story/21901/Adobe_s_Flash_Flawed_Time_to_Do_Without_/ Potential Flash point]]
http://www.builderau.com.au/program/linux/soa/10_things_you_should_do_to_a_new_Linux_PC_before_exposing_it_to_the_Internet/0,339028299,339274586,00.htm?feed=rss
[[http://www.murga-linux.com/puppy/index.php?f=47 Security forum thread]]
[[http://www.seifried.org/security/index.php/Linux_Security Linux Security]]
[[http://csrc.nist.gov/publications/history/ Security History]]
[[http://tldp.org/HOWTO/Security-Quickstart-HOWTO/ Linux security Howto]]
[[http://www.sans.org/top20/top10.php 10 tips]]
[[http://www.heise.de/tp/r4/artikel/5/5263/1.html NSA in Windows]]
[[http://www.sans.org/top-cyber-security-risks/ Top Cyber Security Risks]]
[[http://www.lonerunners.net/blog/archives/722-My-Top-10-Security-Live-CD.html Live Linux CD for security]]
[[http://www.makeuseof.com/tag/how-to-password-protect-grub-entries-linux/ Password protect GRUB]]
[[http://group51.org group51.org]]
http://www.murga-linux.com/puppy/viewtopic.php?p=405903#405903
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. **Puppy Linux** is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'. [[http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx Source]]
**N.B. choice of operating system becomes irrelevant if recommended security precautions are not applied**


Revision [22148]

Edited on 2012-07-10 15:30:08 by coolpup [some anomolies deleted]
Additions:
__{{color text="Security set-up for Puppy 2.16" c="green"}}__
Deletions:
__{{color text="Security set-up for Puppy 2.16 onwards" c="green"}}__


Revision [22147]

Edited on 2012-07-10 15:28:19 by coolpup [some anomolies deleted]
Additions:
- always have a minimum of three identical versions of valuable or important files on physically //separate// media
Deletions:
- always have a minimum of two copies of valuable or important files on physically //separate// media


Revision [22141]

Edited on 2012-07-10 08:57:20 by coolpup [some anomolies deleted]
Additions:
Security involves protection from data loss, data theft and data corruption.
[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy perspective]]
Deletions:
Security involves protection from data loss, data theft and data corruption.>>My views in the debate on the /root vs /home/user/ issue:
Puppylinux is a small, but very powerful, single user distribution, running as root is the only way to do it.
When running from a live CD/DVD, as I always do, there is no other way to access a HD or a memory stick, than as root. An alternative would be to use the same user name as owner of the devices, but then, what is the point of a puppy if it isn't portable?
When that is said, I also have to mention the number of times I have uploaded files to my /home-directory at the university, and forgot to change the permissions, making my own files inccessible from an on-site pc, where safety issues prevent me from booting my dpup...
Puppylinux is small because it is intended for a single-user, anyone can carry it on a CD/DVD or a USB stick, it 'works right out of the box', with a minimum of setup. I see no need for puppylinux as a multi-user distribution whatsoever!
I really think that people who need a multi-user puppy, should maybe look for another distribution? Why complicate life by adding more code to a puppy?
Although I am the only one accessing my machines, my multi-GB Debian on HDs is run as multi-user. Very sensible, not only because of all the hazzle of installing such a massive distribution, but to avoid having several users spending their remaining days with configuring and setting up, potentially thousands of applications.
I feel safe! I don't have a home page in my dpup's browser, I usually turn on privacy mode when I use it, my internet provider has firewalls, they give me a new IP every time I log on, I have a firewall, I run from RAM, no savefile on HD, but I can access all devices plugged in, if needed.
I don't have the need for communicating to god knows who, through our new 'social media', all kind of private information that might be useful for some attack on my privacy.
To feel even more safe, there are always the applications that hide your IP, let you browse from an anonymous 'safe' account, through TOR if you want that, and probably lots of other safe ways to access the internet. I don't use them, and I don't know anything about them. (Yet.)
Chroot, anyone?
[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy]]>>


Revision [22140]

Edited on 2012-07-10 08:54:04 by coolpup [some anomolies deleted]
Deletions:
CategorySoftware


Revision [21866]

Edited on 2012-06-13 16:31:52 by darkcity [tidy]
Additions:
CategoryTutorial


Revision [21863]

Edited on 2012-06-13 16:28:30 by darkcity [tidy]
Additions:
~[[Privacy]] - Keeping your information private
~[[WatchDog]] - Secure your home
Deletions:
~[[Privacy]]
~[[GuardDog]]


Revision [21862]

Edited on 2012-06-13 16:26:10 by darkcity [tidy]
Additions:
[[HomePage]] > [[ComponentHowTo Components and HowTos]]
{{image width="120" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
====Security====
Security involves protection from data loss, data theft and data corruption.>>My views in the debate on the /root vs /home/user/ issue:
[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy]]>>
~[[Privacy]]
~[[http://bkhome.org/blog/?viewDetailed=02241 Fido]]
~[[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]]
~[[GuardDog]]
Deletions:
Security involves protection from data loss, data theft and data corruption.{{image class="right" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
<<My views in the debate on the /root vs /home/user/ issue:
[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy]]<<
[[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]]


Revision [21833]

Edited on 2012-06-13 01:50:10 by CrustyLobster [tallboy info]
Additions:
<<My views in the debate on the /root vs /home/user/ issue:
Puppylinux is a small, but very powerful, single user distribution, running as root is the only way to do it.
When running from a live CD/DVD, as I always do, there is no other way to access a HD or a memory stick, than as root. An alternative would be to use the same user name as owner of the devices, but then, what is the point of a puppy if it isn't portable?
When that is said, I also have to mention the number of times I have uploaded files to my /home-directory at the university, and forgot to change the permissions, making my own files inccessible from an on-site pc, where safety issues prevent me from booting my dpup...
Puppylinux is small because it is intended for a single-user, anyone can carry it on a CD/DVD or a USB stick, it 'works right out of the box', with a minimum of setup. I see no need for puppylinux as a multi-user distribution whatsoever!
I really think that people who need a multi-user puppy, should maybe look for another distribution? Why complicate life by adding more code to a puppy?
Although I am the only one accessing my machines, my multi-GB Debian on HDs is run as multi-user. Very sensible, not only because of all the hazzle of installing such a massive distribution, but to avoid having several users spending their remaining days with configuring and setting up, potentially thousands of applications.
I feel safe! I don't have a home page in my dpup's browser, I usually turn on privacy mode when I use it, my internet provider has firewalls, they give me a new IP every time I log on, I have a firewall, I run from RAM, no savefile on HD, but I can access all devices plugged in, if needed.
I don't have the need for communicating to god knows who, through our new 'social media', all kind of private information that might be useful for some attack on my privacy.
To feel even more safe, there are always the applications that hide your IP, let you browse from an anonymous 'safe' account, through TOR if you want that, and probably lots of other safe ways to access the internet. I don't use them, and I don't know anything about them. (Yet.)
Chroot, anyone?
[[http://www.murga-linux.com/puppy/viewtopic.php?p=633797#633797 tallboy]]<<


Revision [20044]

Edited on 2012-01-02 09:58:58 by coolpup [tallboy info]
Additions:
- use ClamAV
[[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]]
Deletions:
- use ClamAV
**In puppy linux your user account is called root, but is not root. In puppy root is user.**
Root in puppy root is the underlying ramdisk. the main "PUPversion.sfs" is, or contains (actually, installs again each startup), the root file system. When you start your puppy the real root filesystem gets copied to ram, or swap. You use the copies of the root files in ram or swap. When you shut down your ram/swap copy of your main sfs root is deleted. Next time you start the main sfs installs another copy of itself to ram/swap. Real roots don't get any more secure than that, especially if the real root is on non-writable CD.
Running puppy frugal from a CD there is no way your main sfs root files can be altered. Running frugal with the main sfs copied to HD, the main sfs is copied from HD to ram/swap, then is not touched again. It can be altered by someone mounting it and opening it with another puppy, since HDs allow writing and erasing. But if anyone roots you during a session they root your user-root account for the session only. If they install a rootkit it installs to your pup-save and can install from there again next session. You can prevent that by erasing the contents of your pup-save, so your ramdisk root writes fresh files to it when you start your next session. You need to move files you want to save out to a back-up save file before you wipe your pup-save contents (don't wipe the whole pup-save, only all files in it).
To modify your real root system in puppy you have to run the "remaster puppy live-CD" program from the setup menu. That's how you " su " in puppy. You have to make your modifications in your user-root puppy first, adding and subtracting what you want. You make your new root account when you do the remaster of what you have set up..
I check the integrity of my main sfs files when I copy them to HD for frugal installs (I don' t full install, so I don' t know if files are secure in those) by making hashes of my main SFS files when I first copy, then re-hashing hem and checking against the first hash from time to time. So far I have not found a main puppy sfs file to change.
Renaming puppy root isn't a good option because lots of files look for "/root" and don't find it if it's named something else. Those who have set up multi-user puuppies have found that finding and changing every pathname instance is tedious and frustrating.
Puppy Linux is single-user per session and pup-save. It's the way it works. Each user launches his own ramdisk-root from the same main sfs root and modifies his or her own session from his or her pup-save store of preferences. For personal files each using the same computer has to make his or her own password protected encrypted save-file, or have his or her own flash-drive.
[[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]], WarDog


Revision [20029]

Edited on 2011-12-31 06:24:16 by CrustyLobster [removed false postive rootkit checker]
Additions:
- use ClamAV
Deletions:
- use ClamAV and [[chkrootkit]] for malware detection


Revision [19516]

Edited on 2011-11-14 23:15:20 by CrustyLobster [in puppy root is user]
Additions:
**In puppy linux your user account is called root, but is not root. In puppy root is user.**
Root in puppy root is the underlying ramdisk. the main "PUPversion.sfs" is, or contains (actually, installs again each startup), the root file system. When you start your puppy the real root filesystem gets copied to ram, or swap. You use the copies of the root files in ram or swap. When you shut down your ram/swap copy of your main sfs root is deleted. Next time you start the main sfs installs another copy of itself to ram/swap. Real roots don't get any more secure than that, especially if the real root is on non-writable CD.
Running puppy frugal from a CD there is no way your main sfs root files can be altered. Running frugal with the main sfs copied to HD, the main sfs is copied from HD to ram/swap, then is not touched again. It can be altered by someone mounting it and opening it with another puppy, since HDs allow writing and erasing. But if anyone roots you during a session they root your user-root account for the session only. If they install a rootkit it installs to your pup-save and can install from there again next session. You can prevent that by erasing the contents of your pup-save, so your ramdisk root writes fresh files to it when you start your next session. You need to move files you want to save out to a back-up save file before you wipe your pup-save contents (don't wipe the whole pup-save, only all files in it).
To modify your real root system in puppy you have to run the "remaster puppy live-CD" program from the setup menu. That's how you " su " in puppy. You have to make your modifications in your user-root puppy first, adding and subtracting what you want. You make your new root account when you do the remaster of what you have set up..
I check the integrity of my main sfs files when I copy them to HD for frugal installs (I don' t full install, so I don' t know if files are secure in those) by making hashes of my main SFS files when I first copy, then re-hashing hem and checking against the first hash from time to time. So far I have not found a main puppy sfs file to change.
Renaming puppy root isn't a good option because lots of files look for "/root" and don't find it if it's named something else. Those who have set up multi-user puuppies have found that finding and changing every pathname instance is tedious and frustrating.
Puppy Linux is single-user per session and pup-save. It's the way it works. Each user launches his own ramdisk-root from the same main sfs root and modifies his or her own session from his or her pup-save store of preferences. For personal files each using the same computer has to make his or her own password protected encrypted save-file, or have his or her own flash-drive.
Deletions:
{{color text="Multi user support in Puppy and Grafpup Linux - my thoughts by Nathan Fischer" c="green"}}
This subject eternally comes up on the Puppy Linux forum and I have grown somewhat tired of the same things being said about it. There is in my opinion a large amount of misinformation floating around about the root account, su, sudo, and security of the above. I thought it would be nice to put my thoughts down on a page and then whenever the subject comes up again I could just link to it and say “Look HERE”, rather than trying to explain the same concepts over and over again.
First off, Linux is by it’s very nature a multi-user system. It is designed that way from the kernel level on up. If you build a distribution from scratch using source code it will be by default multi-user, unless you make changes on purpose to alter that fact. Windows started out life as the opposite, a single user system which the developers have been trying for the last decade or so to turn into a secure, multi-user system.
A lot of people have decried Puppy Linux for running as the root account. But the reasons they give often show a misunderstanding of why the root account can be dangerous. As computer users a hacked system is not always our biggest concern in my opinion. Nor is user error the biggest concern. How many people have actually typed in “rm -R /” into a shell? It just doesn’t really come up as often as the tinfoil hat crowd would have you believe.
Actually, what Windows has proved, if anything, is that it is irresponsible programmers, not users, who pose the most threat to the security of your computer. Especially when those programmers are operating in a closed source, closed door environment with nobody reviewing their code. 99% of the programming done for Windows will try to make system wide changes when it installs onto your computer. In most cases this amounts to little things like changing file associations, so that when you install Joe’s supremely stupid image editor all of a sudden every image file known to man appears on your computer as a Joe’s Image file and opens with Joe’s piece of garbage, which you then will decide to uninstall and spend weeks trying to get your image files to open in Photoshop like they did before. A lot of people have experienced this. And every two bit programmer out there thinks their program deserves a desktop icon as well as a link in the quick launcher, and space (not to mention cpu cycles) to have it ready to go, running in your system tray the moment you start your computer. It wouldn’t be Windows without ten popup messages every time you turn it on, informing you that your computer is not protected.
But often the security flaws were much, much more insidious. The supreme example was ""ActiveX"", which allowed at one time almost any kind of code to be run on your computer, often with administrator rights, just by surfing to the wrong web page. This is the actual reason the root account is dangerous, because you should know what programs your computer is running. Microsoft created a culture where any programmer could run any code on any system and none of their users were informed enough to know what was actually taking place on their own computers. YOU SHOULD KNOW AND CARE WHAT YOUR COMPUTER IS DOING!!!!!!!!!! Funny actually, when they finally locked down the system somewhat all they managed was to take administration rights away from the USER, but continued to allow the idiot programmers to run thier programs as administrator until this lovely thing called Vista finally arrived.
The average Linux user is, by all accounts, much more informed than the average Windows user. There are of course exceptions, but by and large this generalization holds true. And 90% of the programs that run on the worlds Linux boxes are completely open source, so anybody with some initiative can learn exactly what it is they are doing on your system. Not many do, but enough have over the years that the code is pretty thoroughly reviewed. And we share efforts a lot with the BSD folks, who go through the code even more thoroughly than us Linux geeks. Install the average Linux program and you’re LUCKY if you get even a menu entry, let alone a desktop icon, quicklaunch icon, and system tray icon. In fact, you may search half a day before you figure out how to get it to run at all, as opposed to those nice folks in the Windows world who will make sure that you spend the next six months trying to figure out how to turn OFF their wonderful little piece of software and stop it from annoying you at every bootup. Oh, and using up every bit of real estate in your browser window because you needed an extra IE toolbar, didn’t you?
Here’s my point - the users are not the evil ones. They are not the ones who need to be kept from harming their systems. They should be empowered to make decisions about how their computers operate, and have the right to decide what programs run on the machines they paid for and how they run. I will repeat this part - they should be empowered.
How do I relate this to Puppy and Grafpup? Well I wouldn’t have gone to all the effort of converting the legacy scripts from Puppy into multi-user capable code if I didn’t think there were cases where that was desirable. I want the owner of that computer to be able to choose how they want it to run. I’m not going to dictate how they should run their computer, I’m not that egocentric. I like Puppy Linux. A lot. And I feel perfectly safe browsing the web using Puppy because I know what I’m doing, I know I’m using browsers that are by nature more secure than IE (not hard to accomplish), and I know that the system I’m using is not a popular target. And even if it were, the development proceeds at such a breakneck pace that it has the nature of a chameleon.
My reasons for wanting nonroot user accounts are more about convenience. I have five kids, and three of them are of an age that computer use is a regular activity. We are not wealthy enough that each person has their own computer, so individual accounts make it easier to segregate email, web bookmarks, etc. And it keeps my kids from installing software I don’t want on my computer. For instance, flash 9 still crashes the browser on an awful lot of sites. It’s a total piece of crap and I don’t want it installed system wide. They can easily install it in their own user account and play their web-based games, and watch youtube, etc. without crippling my ability to log into online banking. And I can easily monitor what they have been doing because I HAVE ROOT ACCESS. And even if they delete their browsing history I can access it through our router, which they do not have the password to.
Let me comment on a few other related issues. Ubuntu has purposely crippled the ability to log in as root, and instead has configured sudo so that one user can run ANY command as superuser by typing their password. Well, in that case that one user is for all intents and purposes root. This is circular logic that really makes no sense and it is definately not how sudo was intended to be used. Futhermore it has lead a lot of people to the conclusion that sudo is insecure and to be avoided. This is patently false.
Sudo is, by nature, not any more or any less secure than most other pieces of software. It is actually more secure than su, because to use su you have to know the root password and then you can run any command you wish as superuser. Sudo is intended to allow the system administrator, who should know a little about what they are doing, the convenience of letting other users run a carefully selected group of commands with root priviledges. You cannot, as people keep falsely claiming, “sudo su” and so become root. That capability was thought about a long, long time ago and disabled at the source code level. I know this having compiled sudo from source, installed it, and configured it to suit my taste. It is an extremely useful piece of software that just takes a little care and thought when it is being set up.
The only time sudo becomes an insecure piece of software is when someone misconfigures it in a way which will allow a user to escape to a shell as root. For instance allowing sudo to be used to open a file manager, from which they can then launch any program they wish by clicking on the executable in the bin directory. Including, say, Xterm or rxvt. Or, by being Ubuntu. To be fair, you can set up a lot of other users in Ubuntu which will not have the ability to run commands using sudo, and those users will be safe from worrying about accidentally typing “rm -R /”, so they can sleep at night. But they are just providing the illusion of not allowing a root login, by abusing and misconfiguring sudo in a way that it’s developers never intended for it to be used. It is almost akin to a PR stunt. They can claim to be more secure because there is no root login. Well, like I said, that first user may as well BE root.
Another issue which is constantly misrepresented is that of running servers in Puppy. The Apache web server runs by default as the user “nobody” or “daemon”. ""MySQL"" runs as the user ""mysql"" on most systems. Almost all servers behave similarly. Only a handful actually run as root. All of these servers require root access to be started, regardless of whether they are being started in Puppy, Grafpup, or ""OpenBSD"" for that matter, but then discard their superuser powers immediately and become another user for security’s sake. So running a server using Puppy is exactly the same as running a server in any other *nix assuming they are configured in a similar manner. It has absolutely NOTHING to do with whether X is being run as root or as nonroot. Apache will not, WILL NOT, run as root. You cannot force it to do so without altering the source code. I ran http, ftp, pop, smtp, and ssh servers from a Puppy box for almost three years, over the public internet, without ever coming close to being compromised. The idea just doesn’t bother me at all, any more so than it would if I were using Debian, Slackware, or a BSD.
On the flip side, people are constantly asking on the Puppy forum how to set up regular user logins, and an awful lot of folks have griped about how this should be a simple matter to accomplish and why don’t we developers get off our lazy behinds and write the two to three lines of code which will make is possible. Well, speaking as the first person who did just that, all the way, I can tell you it is not in any way trivial. The amount of changes that had to be made were enormous, and every new program written for Puppy has to be gone over with a fine tooth comb to determine whether or not it will run without root access in Grafpup. It was so much work that there is just no way I will ever go back, because I now have too much invested in it.
At the same time there are those who think that writing code to play nice with non-root users is hard, or that it gets in the way of the user. This is not true either. There are only a handful of habits which need to be changed, such as hard coding in /root rather than using $HOME, or leaving files laying around in /tmp, which other users cannot overwrite or delete and thus cannot run your little program once it has been run by another user. These are not difficult adjustments to make once the hard work of the initial conversion has been done. It is a matter of maintaining good coding standards, and furthermore it gives a wider possible audience for your programming because it can then be ported for use in other distributions besides Puppy.
Do I think Puppy should support multiple user accounts? No, but Grafpup will continue to do so and there is a possibility that more such efforts will be spawned. I know of several already. It would be nice if those developing applications for Puppy would give a thought to whether their program would work if launched by a non-root user, but I will adjust as needed and give advice where I think it is necessary. I have a fundamental difference of opinion with Barry Kauler about a few things relating to the design of the distribution, but they do not detract from my extreme admiration for what he has accomplished with Puppy Linux and how useful it is to so many people. So much so that even though it causes me more work I will continue to syncronize with Puppy from time to time and put in extra work to make sure that my programming can benefit the development of Puppy as a whole. I’ve thrown my lot in with Puppy and that is probably where it will stay for some time.
(http://grafpup.org/ is no longer functional, http://grafpup.com/ leads to a bogus site.)


Revision [19215]

Edited on 2011-10-30 00:25:18 by CrustyLobster [WarDog link too bizarre]
Additions:
[[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]], WarDog
Deletions:
[[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]], [[http://www.greylodge.org/gpc/?p=1748 WarDog]]


Revision [18212]

Edited on 2011-09-24 07:39:20 by coolpup [WarDog link too bizarre]
Additions:
==See also==
[[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]], [[http://www.greylodge.org/gpc/?p=1748 WarDog]]
==References==
Deletions:
See also [[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]], [[http://www.greylodge.org/gpc/?p=1748 WarDog]]
===References===


Revision [18211]

Edited on 2011-09-24 07:37:48 by coolpup [WarDog link too bizarre]
Additions:
- renew the default system password using the [[passwd]] utility
- activate the software firewall ([[http://www.murga-linux.com/puppy/viewtopic.php?t=66966 discussion]]): //Menu > Setup > Linux-Firewall Wizard//
Deletions:
- change the default system password using the [[passwd]] utility
- set up the software firewall ([[http://www.murga-linux.com/puppy/viewtopic.php?t=66966 discussion]]): //Menu > Setup > Linux-Firewall Wizard//


Revision [18210]

Edited on 2011-09-24 07:36:38 by coolpup [WarDog link too bizarre]
Additions:
- Adobe Flash Player poses too high a risk for some users - either disable it or configure the Web browser to restrict its use
Deletions:
- using Adobe Flash Player is a risk - either disable it or configure the Web browser to restrict its use


Revision [18208]

Edited on 2011-09-24 07:30:02 by coolpup [WarDog link too bizarre]
Additions:
- use ClamAV and [[chkrootkit]] for malware detection
Deletions:
- use ClamAV and [[chkrootkit]] (for the paranoid only)


Revision [18207]

Edited on 2011-09-24 07:25:32 by coolpup [WarDog link too bizarre]
Additions:
- use the latest available versions of cryptography libraries: [[openssl]], [[gnutls]], [[libgcrypt]]
Deletions:
- use the latest available versions of cryptography libraries: OpenSSL, GnuTLS, [[libgcrypt]]


Revision [18203]

Edited on 2011-09-24 07:18:51 by coolpup [WarDog link too bizarre]
Additions:
====Security Precautions====
- using Adobe Flash Player is a risk - either disable it or configure the Web browser to restrict its use
- use the latest available version of Web browsers: [[Opera]], SeaMonkey, [[Firefox]], [[Arora]]
- use ClamAV and [[chkrootkit]] (for the paranoid only)
Deletions:
===Security Precautions===
- use the latest available version of Web browsers: [[Opera]], SeaMonkey, [[Arora]]
- use ClamAV, [[chkrootkit]] and [[FPROTantivirus]] (for the paranoid only)


Revision [14532]

Edited on 2011-05-04 04:29:25 by coolpup [WarDog link too bizarre]
Additions:
See also [[Privacy]], [[http://bkhome.org/blog/?viewDetailed=02241 Fido]], [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]], [[http://www.greylodge.org/gpc/?p=1748 WarDog]]
Deletions:
===Puppy Security===
- [[http://bkhome.org/blog/?viewDetailed=02241 Fido Pet]] Under development
- [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]] security coding
- [[http://www.greylodge.org/gpc/?p=1748 WarDog]] puplet
See also [[Privacy]].


Revision [14454]

Edited on 2011-05-01 01:46:44 by CrustyLobster [Fido Pet - Puppy Security]
Additions:
===Puppy Security===
- [[http://bkhome.org/blog/?viewDetailed=02241 Fido Pet]] Under development
- [[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]] security coding
- [[http://www.greylodge.org/gpc/?p=1748 WarDog]] puplet
Deletions:
[[http://murga-linux.com/puppy/viewtopic.php?p=335216#335216 Puppy GROWL]] security coding
[[http://www.greylodge.org/gpc/?p=1748 WarDog]] puplet


Revision [14401]

Edited on 2011-04-26 08:46:07 by coolpup [Fido Pet - Puppy Security]
Additions:
Security involves protection from data loss, data theft and data corruption.{{image class="right" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}
Deletions:
Security involves protection from data loss, data theft, data corruption and data destruction.{{image class="right" url="http://img814.imageshack.us/img814/5626/logowoof4.png" title="text" alt="text"}}


Revision [14400]

The oldest known version of this page was created on 2011-04-26 08:45:16 by coolpup [Fido Pet - Puppy Security]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki